Authentication
Compliancely APIs uses JWT (JSON Web Token) authentication.
To keep your data secure and ensure only authorized clients can access our services, all API requests require authentication via JSON Web Tokens (JWT). Our authentication system uses a two-token approach — an access token for making requests and a refresh token for obtaining new access tokens without re-entering credentials.
The process is straightforward:
- Sign in once with your username and password to get your access and refresh tokens.
- Use your access token in every API request until it expires.
- Refresh it seamlessly with your refresh token when needed.
- Validate tokens anytime to check their status and remaining lifetime.
This approach ensures:
- Fewer authentication calls, reducing API load and improving performance.
- Secure token storage for quick re-authentication.
- A consistent, reliable method for all clients, whether you're building asynchronous jobs, UI integrations, or backend services.
Implement token caching in your application to avoid unnecessary calls and keep things lightning-fast.
For full endpoint details, see:
/api/v2/token/ – Initial authentication.
/api/v2/token/refresh/ – Get a new access token.
/api/v2/token/validate/– Verify token validity.
Note: We do not recommend using of Basic Auth
Validity
The access_token is valid for 1 hour. After it expires, you can use the Access Token by Refresh Token endpoint to obtain a new access_token.
The refresh_token remains valid for 24 hours.
Recommendation: Use the refresh token after the access_token expires to enhance overall security.
Throttling
This API enforces throttling, allowing a maximum of 10 requests per minute (RPM). If you exceed this limit, the following error will be returned, and you will need to wait 10 minutes before retrying.
{
"detail": "Your request has been throttled due to exceeding the allowed rate limit. Please wait for 10 minutes before trying again. If this issue persists, consider adjusting the request frequency or contact support for further assistance."
}
Response codes and errors
| Status Code | Response |
|---|---|
| 400 | { "username": [ "This field may not be blank."] } |
| { "password": [ "This field may not be blank."] } | |
| { "non_field_errors": [ "Unable to log in with provided credentials."] } | |
| { "username": [ "This field is required."] } | |
| { "password": [ "This field is required."] } | |
| 200 | {"token": } |
| 429 | { "detail": "Your request has been throttled due to exceeding the allowed rate limit. Please wait for 10 minutes before trying again. If this issue persists, consider adjusting the request frequency or contact support for further assistance." } |
| 500 | Internal Server Error |
| 502 | Bad Gateway |
Updated 11 days ago